Compliance in the C-Suite

These days, headline-grabbing, reputation-damaging investigations by government into pharma business practices, at home and abroad, seem almost as frequent as new drug approvals. Just before this article went to press, Lilly announced a $29 million settlement with the Securities and Exchange Commission (SEC) for alleged violations of the Foreign Corrupt Practices Act (FCPA); this in addition to having signed a Corporate Integrity Agreement (CIA) in 2009, which included a payment of $1.4 billion to settle criminal and civil charges related to off-label promotion under the Food, Drug, and Cosmetic Act (FDCA), and the whistle-blower provisions of the False Claims Act.

Lilly's 2009 settlement and CIA also codified the company's pre-established compliance program, which includes "a chief compliance officer who reports directly to the board of directors and the CEO, and a compliance committee," according to the CIA. "The compliance program also includes a code of conduct (known as 'The Red Book') applicable to all employees that is regularly reviewed and disseminated, written policies and procedures, educational and training initiatives, a disclosure program that allows for the confidential disclosure and investigation of potential compliance violations and appropriate disciplinary procedures, and regular monitoring and internal auditing procedures." All this from the CIA's preamble, page one of 67.

At the time, Lilly's 2009 settlement represented the largest corporate criminal fine in history, according to the Department of Justice (DOJ). By the end of 2012, that record had been broken several times. When DOJ announced the "largest healthcare fraud settlement in US history" last summer, GlaxoSmithKline became the new record-holder, on the hook for a cool $3 billion, and a CIA that runs to 122 pages.

In addition to worrisome compliance areas like off-label promotion in the US and bribery in global markets, the Physician Payment Sunshine Act is expected to come online next year, which could put executives in the time-consuming position of having to defend legitimate business interactions with healthcare providers. Government has also signaled a growing interest in R&D and medical affairs, particularly in relation to clinical investigator controls, reporting from clinical programs, and how contract research organizations are and should be monitored.

All of this is to say that compliance issues, and by extension chief compliance officers, are gaining momentum and have moved from the background of business operations to the foreground, and for good reason. Government is taking an active interest in not only whether or not rules are being broken, but also whether companies have duly empowered compliance teams by creating programs, policies, and management structures designed to prevent compliance issues from arising in the first place. Organizations putting the correct structures and processes in place, before federal investigators come knocking, can save a lot of money and time by avoiding costly settlements and CIA negotiations, in addition to placing themselves in the exclusive company of other organizations unbound by looming litigation and the kinds of red tape that kills deals and collaborations.